b'                                          December 19, 2007\n\n\n\n\nMEMORANDUM TO:              Luis A. Reyes\n                            Executive Director for Operations\n\n                            William M. McCabe\n                            Chief Financial Officer\n\n\n\nFROM:                       Stephen D. Dingbaum/RA/\n                            Assistant Inspector General for Audits\n\n\nSUBJECT:                    MEMORANDUM REPORT: REVIEW OF NRC\xe2\x80\x99S\n                            IMPLEMENTATION OF THE FEDERAL MANAGERS\xe2\x80\x99\n                            FINANCIAL INTEGRITY ACT FOR FISCAL YEAR 2007\n                            (OIG-08-A-05)\n\n\nThis report reflects the Office of the Inspector General\xe2\x80\x99s (OIG) assessment of the\nNuclear Regulatory Commission\xe2\x80\x99s (NRC) FY 2007 compliance with the Federal\nManagers\xe2\x80\x99 Financial Integrity Act (FMFIA) of 1982. We found that NRC complied with\nthe FMFIA, except for the following material weakness associated with the Federal\nInformation Security Management Act (FISMA):\n\n   \xe2\x80\xa2   Lack of current certification and accreditation for the agency\xe2\x80\x99s information\n       system security program, and\n\n   \xe2\x80\xa2   Lack of annual contingency plan testing for the agency\xe2\x80\x99s information system\n       security program.\n\nThis report contains no recommendations because the material weakness and the\nrelated audit recommendation are included in the OIG report, Results of the Audit of\nthe United States Nuclear Regulatory Commission\xe2\x80\x99s Financial Statements for Fiscal\nYears 2007 and 2006, report number OIG-08-A-01, dated November 9, 2007.\n\x0c     Review of NRC\xe2\x80\x99s implementation of the Federal Managers\xe2\x80\x99 Financial Integrity Act for Fiscal Year 2007\n\n\n\nBACKGROUND\n\nThe FMFIA was enacted on September 8, 1982, in response to continuing disclosures\nof waste, loss, unauthorized use, and misappropriation of funds or assets associated\nwith weak internal controls and accounting systems. Congress believed that such\nabuses hampered the effectiveness and accountability of the Federal Government and\neroded the public\xe2\x80\x99s confidence. The FMFIA requires Federal managers to establish a\ncontinuous process for evaluating, improving, and reporting on the internal controls\nand accounting systems for which they are responsible.\n\nThe FMFIA requires that, each year, the head of each executive agency (subject to\nthe FMFIA) shall submit a statement to the President and the Congress on the\nadequacy of the agency\xe2\x80\x99s systems of internal accounting and administrative control.\nNRC incorporates its FMFIA statement in its annual Performance and Accountability\nReport.\n\nEffective for FY 2006, Office of Management and Budget (OMB) Circular No. A-123,\nManagement\xe2\x80\x99s Responsibility for Internal Control, revised December 2004, requires\nthat management provide a separate assurance statement relating to internal control\nover financial reporting. In addition, both OMB Circular No. A-123 and OMB Bulletin\nNo. 07-041, Audit Requirements for Federal Financial Statements, require that\nsignificant deficiencies identified under FISMA be reported as material weaknesses in\nthe annual FMFIA report.\n\nRESULTS\n\nThe Chairman and the Inspector General reported the same results on the agency\xe2\x80\x99s\nFY 2007 compliance with the FMFIA as discussed below.\n\nFederal Information Security Management Act\n\nBoth the Chairman and the Inspector General identified a material weakness related\nto the:\n\n       (1)    Lack of current certification and accreditation for the agency\xe2\x80\x99s information\n              system security program, and\n\n       (2)    Lack of annual contingency plan testing for the agency\xe2\x80\x99s information\n              system security program.\n\n\n\n\n1\n OMB Bulletin No. 07-04, issued September 4, 2007, supersedes OMB Bulletin No. 06-03, Audit\nRequirements for Federal Financial Statements.\n\n\n                                                   2\n\x0c      Review of NRC\xe2\x80\x99s implementation of the Federal Managers\xe2\x80\x99 Financial Integrity Act for Fiscal Year 2007\n\n\n\nAGENCY COMMENTS\n\nA draft of the report was provided to NRC management. The Office of the Executive\nDirector for Operations and the Office of the Chief Financial Officer had no comments.\n\nSCOPE/CONTRIBUTORS\n\nWe evaluated the internal control related to NRC\xe2\x80\x99s implementation of the FMFIA for\nFY 2007, and conducted our work in November 2007, in accordance with Generally\nAccepted Government Auditing Standards. This audit was conducted by Steven\nZane, Team Leader; Kathleen Stetson, Audit Manager; and Michael Steinberg, Senior\nAuditor.\n\nIf you have any questions, please contact me at 415-5915 or Steven Zane at\n415-5912.\n\ncc:     Chairman Klein\n        Commissioner Jaczko\n        Commissioner Lyons\n        V. Ordaz, OEDO\n        M. Malloy, OEDO\n        P. Tressler, OEDO\n\n\n\n\n                                                    3\n\x0c'